picnoir/glibc
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Fix parsing of numeric hosts in gethostbyname_r

Browse source
This commit is contained in:
Andreas Schwab 2013-01-21 17:41:28 +01:00
parent fef94eab0b
commit d5dd6189d5
6 changed files with 83 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
ChangeLog
View file

@ -1,3 +1,17 @@
2013-05-21 Andreas Schwab <schwab@suse.de>
[BZ #15014]
* nss/getXXbyYY_r.c (INTERNAL (REENTRANT_NAME))
[HANDLE_DIGITS_DOTS]: Set any_service when digits-dots parsing was
successful.
* nss/digits_dots.c (__nss_hostname_digits_dots): Remove
redundant variable declarations and reallocation of buffer when
parsing as IPv6 address. Always set NSS status when called from
reentrant functions. Use NETDB_INTERNAL instead of TRY_AGAIN when
buffer too small. Correct computation of needed size.
* nss/Makefile (tests): Add test-digits-dots.
* nss/test-digits-dots.c: New test.
2013-05-21 Siddhesh Poyarekar <siddhesh@redhat.com>
* benchtests/Makefile: Remove instructions for adding

12
NEWS
View file

@ -13,12 +13,12 @@ Version 2.18
12723, 13550, 13889, 13951, 13988, 14142, 14176, 14200, 14280, 14293,
14317, 14327, 14478, 14496, 14582, 14686, 14812, 14888, 14908, 14920,
14952, 14964, 14981, 14982, 14985, 14994, 14996, 15000, 15003, 15006,
15007, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15084, 15085,
15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287, 15304,
15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15342, 15346,
15359, 15361, 15366, 15380, 15394, 15395, 15405, 15406, 15409, 15416,
15418, 15419, 15423, 15424, 15426, 15429, 15442, 15448, 15480, 15485,
15488, 15490, 15493, 15497.
15007, 15014, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15084,
15085, 15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287,
15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15342,
15346, 15359, 15361, 15366, 15380, 15394, 15395, 15405, 15406, 15409,
15416, 15418, 15419, 15423, 15424, 15426, 15429, 15442, 15448, 15480,
15485, 15488, 15490, 15493, 15497.
* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
#15078).

2
nss/Makefile
View file

@ -37,7 +37,7 @@ install-bin := getent makedb
makedb-modules = xmalloc hash-string
extra-objs += $(makedb-modules:=.o)
tests = test-netdb tst-nss-test1
tests = test-netdb tst-nss-test1 test-digits-dots
xtests = bug-erange
include ../Makeconfig

73
nss/digits_dots.c
View file

@ -46,7 +46,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
{
if (h_errnop)
*h_errnop = NETDB_INTERNAL;
*result = NULL;
if (buffer_size == NULL)
*status = NSS_STATUS_TRYAGAIN;
else
*result = NULL;
return -1;
}
@ -83,14 +86,16 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
}
size_needed = (sizeof (*host_addr)
+ sizeof (*h_addr_ptrs) + strlen (name) + 1);
+ sizeof (*h_addr_ptrs)
+ sizeof (*h_alias_ptr) + strlen (name) + 1);
if (buffer_size == NULL)
{
if (buflen < size_needed)
{
*status = NSS_STATUS_TRYAGAIN;
if (h_errnop != NULL)
*h_errnop = TRY_AGAIN;
*h_errnop = NETDB_INTERNAL;
__set_errno (ERANGE);
goto done;
}
@ -109,7 +114,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
*buffer_size = 0;
__set_errno (save);
if (h_errnop != NULL)
*h_errnop = TRY_AGAIN;
*h_errnop = NETDB_INTERNAL;
*result = NULL;
goto done;
}
@ -149,7 +154,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
if (! ok)
{
*h_errnop = HOST_NOT_FOUND;
if (buffer_size)
if (buffer_size == NULL)
*status = NSS_STATUS_NOTFOUND;
else
*result = NULL;
goto done;
}
@ -190,7 +197,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
if (buffer_size == NULL)
*status = NSS_STATUS_SUCCESS;
else
*result = resbuf;
*result = resbuf;
goto done;
}
@ -201,15 +208,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
{
const char *cp;
char *hostname;
typedef unsigned char host_addr_t[16];
host_addr_t *host_addr;
typedef char *host_addr_list_t[2];
host_addr_list_t *h_addr_ptrs;
size_t size_needed;
int addr_size;
switch (af)
{
default:
@ -225,7 +223,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
/* This is not possible. We cannot represent an IPv6 address
in an `struct in_addr' variable. */
*h_errnop = HOST_NOT_FOUND;
*result = NULL;
if (buffer_size == NULL)
*status = NSS_STATUS_NOTFOUND;
else
*result = NULL;
goto done;
case AF_INET6:
@ -233,42 +234,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
break;
}
size_needed = (sizeof (*host_addr)
+ sizeof (*h_addr_ptrs) + strlen (name) + 1);
if (buffer_size == NULL && buflen < size_needed)
{
if (h_errnop != NULL)
*h_errnop = TRY_AGAIN;
__set_errno (ERANGE);
goto done;
}
else if (buffer_size != NULL && *buffer_size < size_needed)
{
char *new_buf;
*buffer_size = size_needed;
new_buf = realloc (*buffer, *buffer_size);
if (new_buf == NULL)
{
save = errno;
free (*buffer);
__set_errno (save);
*buffer = NULL;
*buffer_size = 0;
*result = NULL;
goto done;
}
*buffer = new_buf;
}
memset (*buffer, '\0', size_needed);
host_addr = (host_addr_t *) *buffer;
h_addr_ptrs = (host_addr_list_t *)
((char *) host_addr + sizeof (*host_addr));
hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
for (cp = name;; ++cp)
{
if (!*cp)
@ -281,7 +246,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
if (inet_pton (AF_INET6, name, host_addr) <= 0)
{
*h_errnop = HOST_NOT_FOUND;
if (buffer_size)
if (buffer_size == NULL)
*status = NSS_STATUS_NOTFOUND;
else
*result = NULL;
goto done;
}

5
nss/getXXbyYY_r.c
View file

@ -179,6 +179,9 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, LOOKUP_TYPE *resbuf, char *buffer,
case -1:
return errno;
case 1:
#ifdef NEED_H_ERRNO
any_service = true;
#endif
goto done;
}
#endif
@ -288,7 +291,7 @@ done:
/* Either we failed to lookup the functions or the functions themselves
had a system error. Set NETDB_INTERNAL here to let the caller know
that the errno may have the real reason for failure. */
*h_errnop = NETDB_INTERNAL;
*h_errnop = NETDB_INTERNAL;
else if (status != NSS_STATUS_SUCCESS && !any_service)
/* We were not able to use any service. */
*h_errnop = NO_RECOVERY;

38
nss/test-digits-dots.c Normal file
View file

@ -0,0 +1,38 @@
/* Copyright (C) 2013 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
/* Testcase for BZ #15014 */
#include <stdlib.h>
#include <netdb.h>
#include <errno.h>
static int
do_test (void)
{
char buf[32];
struct hostent *result = NULL;
struct hostent ret;
int h_err = 0;
int err;
err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err);
return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE;
}
#define TEST_FUNCTION do_test ()
#include "../test-skeleton.c"